Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

Backdoor SHA256 hashes:
9ceb37c55a1e55afe50e2b892d3756e5c89ee71131245f5da72c1b8dd0005b99
6eec892054e6cb1addbde2fa92d3ccb5d56d37aa992f81f9106aaf124b9d3525
20f09959706797b81b2a4de627c01d0c0d890d142954d455a0e50f7811bdc951
7ff329e0a20a96dd4d0e8b42a216ade348161566250b7e39e166031c881f34d0
12435ae8d190c4a0cae64009416f17195dbb7f7ca732b69e6178e9dd4c66fcb2
19f94c523d4488a50584dd3d96500820e4f479cadcef4d14a1dd7cf939cd3154
dc4277e5f6e76ef3f5c0da8a6703acd69a017747aac0413f7248911e51214641
b66dab4fbdae54eea59313fd218abc96a54c0bbf0ab774dbe8776de9322510b2
D095E636400EE633AE22488BBA77D53F584F1FF279FD604BB6E60C0211D1957E
99027cf9f6fcce91d1d08a8cc15043912e51aff82804d4678c7b453e55899404
3d753a9e8e6ab22a498f7c6702910ea3e77ca8ef524f8435ac4614a9d4cbf345
c75c5d7b4bdedcf5c6e78305d62f6830f4766c4517cf650a36493e19574c507d
a133b1839bad5616b51915f2dfe420be36e05ee5c5f1c8e81220177b14c12848
01ef286f55d1a15f308f2bed102bec0916d799d8e883a48117cecfe713a74267
1887185af63849aea9cdd7855b638110447842f178fca9cd81b76c72acd16e68
3dcad2fdebd68390ea4a80398593cfc3360ef51291b853cb3e9a607915ec74cb
aa7bc130c5340364f61074f7c98651e80db3b08396a4fb449f614e0889acfdd3
c0b1deaa2598936c284684b50a652f98771a129e882f382ac011d5ab984fd132
1185fa967aa989d5e072577e493d2b307c48181480129d4c45337da64d5bfd25
d18019064e5903dcf7c29921c10a7a90176cccd55d9cf3ba1e3e9805c1364df1
644b88ce37d8ccb9258df6fcd74c6b485323dcfd9feb0f961252e6c311241703
0b2e9328d82a045ce00f6b1b449ae32d8997f631f691350ea39d85c78eb66216
18e2b7df374a838a57ebf3186b13a26e523cf964afde50b7ba765ed4d5509670
d72ea22e6f35e848a2e5870863e410f0434013ad43c3f5b6935168fc07c7d7b0

Earth Lusca’s archive:
aa5ff64cadabd2d8aba7963c2372270bbfdafa155f85a9a9ec2b57674cf8173e


Earth Lusca’s LNK file:
FCF0CF8A19FA16792771310462D36F3C059ED7D36EF90899316313F4626D24D7


Earth Lusca’s DLL decryptor:
FD3205EDEF38248C059898274F5818ABBCB757ADB707CA47580D4B16772A38D1


Extracted C&Cs:
39.105.121.123:9999
39.107.101.26:9999
47.94.223.124:9999
47.94.166.190:9999
59.110.136.109:9999
123.56.45.175:81
123.57.223.22:81
39.107.75.91:81
182.92.101.4:81
123.56.45.175:443
123.57.223.22:443
39.107.75.91:443
182.92.101.4:443
123.57.6.3:81
39.107.67.131:81
101.200.156.217:81
182.92.155.149:81
123.57.218.176:81
47.99.78.41:443
47.96.97.77:443
47.96.5.136:443
47.96.135.49:443
116.62.120.97:443
123.57.60.94:443
39.105.107.130:443
182.92.233.242:443
47.94.229.250:443
182.92.169.60:443
47.96.160.242:443
116.62.231.152:443
47.96.13.99:443
47.98.173.175:443
47.97.109.62:443
139.224.254.181:53
139.224.45.232:53
47.102.36.88:53
47.101.43.111:53
139.196.196.178:53
123.57.60.94:8081
39.105.107.130:8081
182.92.233.242:8081
47.94.229.250:8081
182.92.169.60:8081
47.100.98.234:443
106.14.175.235:443
106.15.193.24:443
47.100.121.195:443
47.100.59.42:443
47.100.160.164:80
47.101.48.168:80
47.101.137.187:8032
139.196.89.210:80
106.15.90.75:80
47.93.38.26:53
39.106.135.228:53
47.95.198.228:53
101.201.68.58:53
47.94.194.248:53
182.92.243.166:1433
47.95.168.191:80
47.98.121.179:443
47.96.106.167:443
116.62.142.53:443
121.40.70.23:443
118.31.53.137:443
47.98.50.198:80
39.106.40.121:53
101.200.63.187:53
101.201.35.96:53
39.107.231.100:53
47.95.12.152:53
47.94.20.102:443
101.201.69.42:443
47.94.202.137:443
47.94.193.44:443
47.94.227.15:443
47.94.143.163:443
39.106.13.202:443
47.93.47.186:443
59.110.226.246:443
47.94.200.23:443